package com.threeti.mecool.mobile.controller;

import static com.threeti.mecool.mobile.CommandConst.CMD_AUTH_LOGIN;
import static com.threeti.mecool.mobile.MessageConst.MSG_AUTH_001;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import com.threeti.mecool.core.domain.model.acl.User;
import com.threeti.mecool.core.infrastructure.persistence.UserRepository;
import com.threeti.mecool.mobile.interfaces.ResponseDto;
import com.threeti.mecool.mobile.interfaces.assembler.UserAssembler;

@Controller
@RequestMapping(value = "/auth")
public class AuthMobiController {
  @Autowired
  UserRepository userRepository;

  @RequestMapping(value = "/login")
  @ResponseBody
  public ResponseDto login(@RequestParam(required = true) String loginName, @RequestParam(required = true) String password) throws Exception {
    User user = userRepository.findByloginNameAndPassword(loginName, password);
    if (user == null) {
      return ResponseDto.withBizFailureMsg(CMD_AUTH_LOGIN, MSG_AUTH_001);
    }

    //SecurityUtil.putUserInSession(new UserAdapter(user));// TODO jay:退出要注销User

    return ResponseDto.with(CMD_AUTH_LOGIN, "1").withBizSuccessBody("user", UserAssembler.toDto(user));
    // TODO jay:是否返回类似于jsessionId的令牌以建立后续会话？    
    // TODO jay:考察客户端如何处理类似400错误？
  }

}
